I've got some code that will automatically clean out any mail account with the virus. I'm writing it up now and posting it to FA. I can get it or something similar to you asap . The virus is actually really easy to detect and stop once you know its patterns and I've got them. Just from the headers alone I can detect it with 100% accuracy.
> Tim, > It's bad enough here that the Chancellor has declared SoBig a campus crisis. > They're meeting about it right now, apparently. And, apparently, any IP > found to be spewing SoBig will immediately be taken off line. (That's the > pre-meeting rumor anyway.) > > -Deanna > > ----- Original Message ----- > From: "Heald, Tim" <[EMAIL PROTECTED]> > To: "CF-Community" <[EMAIL PROTECTED]> > Sent: Wednesday, August 20, 2003 11:29 AM > Subject: RE: Clean off > > > > Thankfully between gov't email and speakeasy's amazing services I am > > relatively untouched by the madness around me. > > > > How bad is it for other people? I am writing a special topic paper on > soBig > > and the blaster variants, and tying it into change/patch management > > practices. I would really love to hear back from anyone that's been hit, > > about how they have dealt with it. Also those that weren't affected, what > > practices and policies do you have in place to help you mitigate some of > the > > threat? > > > > Thanks, > > > > Timothy Heald > > Information Systems Specialist > > Overseas Security Advisory Council > > U.S. Department of State > > 571.345.2235 > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 20, 2003 12:26 PM > > To: CF-Community > > Subject: Clean off > > > > > > I'm assuming everyone is covered by spam at the moment can can't post. If > > so, > > how about using CF to do your cleanup for you. Use CFPOP to get all the > > headers > > from your mail box (or maybe the first 20-50 at a time) and then run this > > against the returned query: > > SELECT Subject > > FROM Spam > > WHERE (DomainChecked = 0) AND (Subject LIKE '%Thank you%' OR > > Subject LIKE '%Approved%' OR > > Subject LIKE '%Details%' OR > > Subject LIKE '%Wicked screensaver%' OR > > Subject LIKE '%movie%' OR > > Subject LIKE '%your application%' OR > > Subject LIKE '%attachment%' OR > > Subject LIKE '%failure%' OR > > Subject LIKE '%failed%' OR > > Subject LIKE '%returned%' OR > > Subject LIKE '%virus%') > > ORDER BY Subject > > Anything that comes back can be routed to the screen so you can view the > > subject > > and other info. If its spam, just tell CFPOP to delete it. Saves on the > > downloading and can even be automated more. > > If you have access to your mail server, I've got an additional script > > suggestion > > that'll do the job automatically by detecting any mail files with viruses > in > > them. Just needs CF, CFDIRECTORY, a CFX and a CFIF. > > > > Michael Dinowitz > > Finding technical solutions to the problems you didn't know you had yet > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:5 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
